[FOLIO-2494] SPIKE: redesign authn/z protocol to avoid relying on headers Created: 02/Mar/20  Updated: 03/Jun/20

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Umbrella Priority: TBD
Reporter: Jakub Skoczen Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: platform-backlog
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: Core: Platform

 Description   

DRAFT

Current approach

TODO

Proposed redesign

  • Redesign mod-authtoken - Okapi integration: switch from the "filter" approach to a standard "handler" invocation and redesign mod-authtoken token signing functionality around a standard JSON-based interface
  • drop X-Okapi-Token and X-Okapi tenant ID, instead rely on regular Authorization header and/or claims embedded in JWT
  • drop X-Request-Id – investigate feasibility of encoding request identifier in the Authorization header.
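
An added sketch (not FOLIO or mod-authtoken code) of what the second bullet implies for a receiving handler: the tenant is taken only from the claims of a signature-verified JWT in the Authorization header, and any X-Okapi-Tenant header sent by the client is ignored. The `tenant` claim name, HS256 signing and the demo key are assumptions made for this example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed for the example, not a real key

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict) -> str:
    """Issue a compact HS256 JWT (used here to build a constructed sample token)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def tenant_from_request(headers: dict) -> str:
    """Return the tenant from verified JWT claims; raise PermissionError otherwise.

    Tenant headers in `headers` are deliberately never read: a client can set
    them freely, while the claim is covered by the token signature.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise PermissionError("missing or malformed bearer token")
    header_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise PermissionError("undecodable token")
    # Pin the algorithm on the verifier side; the token does not get to choose.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected signing algorithm")
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    try:  # parse claims only after the signature has been checked
        claims = json.loads(b64url_decode(body_b64))
    except ValueError:
        raise PermissionError("undecodable claims")
    tenant = claims.get("tenant") if isinstance(claims, dict) else None
    if not isinstance(tenant, str) or not tenant:
        raise PermissionError("token carries no tenant claim")
    return tenant
```
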
